Update "*fake" question

LP linuxpusher2 at gmail.com
Sun Jul 3 17:19:09 UTC 2016 

Answered:
It's ok. Part of the mechanism ubuntu uses when copying packages from
debian archive. Usually to fix a security related bug in an ubuntu package
when the ubuntu package maintainer is slow to respond to the problem. More
details:


Syncs

For community-supported packages, it's possible to perfrom a fake sync from
the Debian security archive if the version in Ubuntu is the same as the
base version in Debian. Eg, if package foo in Ubuntu 8.04 LTS is at version
1.0-2, package fooin Debian Lenny also has version 1.0-2, and the DSA for
Debian uses 1.0-2+lenny1, this package is suitable for syncing into Ubuntu
using afake sync. Basically, this is a no change rebuild using the version
<Debian DSA version>build0.<ubuntu release version>.1. Eg, for the above
package, the new version in Ubuntu is 1.0-2+lenny1build0.8.04.1. To ensure
smooth upgrades from one Ubuntu release to another, you must be careful
about versioning. ‎




On 3 July 2016 at 10:32, LP <linuxpusher2 at gmail.com> wrote:

> Hi all,
> My System:
> -Version-
> Kernel        : Linux 3.19.0-32-generic (x86_64)
> Compiled        : #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015
> C Library        : Unknown
> Default C Compiler        : GNU C Compiler version 4.8.4 (Ubuntu
> 4.8.4-2ubuntu1~14.04.3)
> Distribution        : Linux Mint 17.3 Rosa
> -Current Session-
> Computer Name        : tb
> User Name        : tb (TB)
> Home Directory        : /home/tb
> Desktop Environment        : LXDE
> -Misc-
> Uptime        : 7 minutes
> Load Average        : 0.12, 0.31, 0.21
>
> ...........................................................................................................
> *is this a legit update and why is it marked "*fake"*
>
> "p7zip (9.20.1~dfsg.1-4+deb7u2build0.14.04.1) trusty-security;
> urgency=medium
>
>  * * fake sync from Debian*
>
>  -- Tyler Hicks <tyhicks at canonical.com>  Fri, 01 Jul 2016 13:34:07 -0500
>
> p7zip (9.20.1~dfsg.1-4+deb7u2) wheezy-security; urgency=high
>
>   * Non-maintainer upload by the LTS team.
>   * Fix the heap buffer overflow in UDF handler (CVS-2016-2335) using
> patches
>     from
> https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
>     (closes: #824160).
>
>  -- Brian May <bam at debian.org>  Tue, 07 Jun 2016 08:07:49 +1000
>
> p7zip (9.20.1~dfsg.1-4+deb7u1) wheezy-security; urgency=medium
>
>   * Non-maintainer upload.
>   * Delay creation of symlinks to prevent arbitrary file writes
> (CVE-2015-1038)
>     (Closes: #774660) "
>
> Thank you
> LP
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-ca/attachments/20160703/c90af4fd/attachment.html>

More information about the ubuntu-ca mailing list